Today, 5 June 2012, the amended Dutch Telecommunications Act (Telecommunicatiewet) has entered into force, with some parts of the bill postponed until 1 January 2013. See on the amendments our previous Legal Alert.
Cookie Rules
Today, 5 June 2012, the new rules on cookies have entered into force. This amendment significantly tightens the rules concerning the use of cookies to protect the privacy of website users. The amendment requires users to be provided with clear and unambiguous information about the purposes for which the cookies are placed. Furthermore, cookies may only be placed or accessed after obtaining prior and explicit consent unless one of the exceptions applies as set forth in our previous Legal Alert.
Legal presumption for tracking cookies
The entry into force of the legal presumption regarding tracking cookies has been postponed until 1 January 2013. As reported in our previous Legal Alert, this provision includes a legal presumption that tracking cookies used to analyse web surfing behaviour constitute processing of personal data, triggering applicability of the Dutch Data Protection Act (Wet bescherming persoonsgegevens) and shifting the burden of proof from the Dutch Data Protection Authority (College bescherming persoonsgegevens) to the party placing the cookies. The Minister of Economic Affairs, Agriculture and Innovation has decided to postpone the entry into force of this legal presumption to await the developments at the European level in order to gain clarity on the scope of the cookie provision in the revised Telecommunications Directive. If no workable solution is found before 31 December 2013, the legal presumption will enter into force.
Data Security Breach Notification Obligation
The amendment introduces a notification obligation for security breaches related to personal data held by telecommunication network and service providers, which has become effective today, 5 June 2012. Telecommunication network providers should notify the Dutch Independent Postal and Telecommunications Authority (Onafhankelijke Post en Telecommunicatie Autoriteit) of security breaches which are likely to have a negative impact on privacy. If the security breach is likely to have a negative impact on the privacy of an individual, the provider should also notify the individual(s) concerned. In the event that the continuity of networks and/or services cannot be guaranteed, the telecommunication provider should also notify the Radio Communications Agency (Agentschap Telecom). To facilitate a one-stop-shop, the Dutch Independent Postal and Telecommunications Authority and the Radio Communications Agency announced the opening of a joint notification centre where telecom providers can notify both authorities simultaneously.
Net Neutrality
The entry into force of the new regulations regarding net neutrality has been postponed until 1 January 2013. The new article 7.4.a Dutch Telecommunications Act prohibits telecommunications network providers from distinguishing between various types of internet services. In respect of contracts concluded before 1 January 2013, application will be further postponed until 1 January 2014. The new article 11.2a Dutch Telecommunications Act, which will ensure the confidentiality of communications, has also been postponed until 1 January 2013. This provision prohibits the tapping, monitoring or otherwise intercepting of communication e.g. by means of data analysis tools.
